[dm-crypt] Encrypt all partitions with dm-crypt

Arno Wagner arno at wagner.name
Wed Sep 19 07:13:50 CEST 2012


On Wed, Sep 19, 2012 at 06:52:19AM +0200, Javier Juan Mart?nez Cabez?n wrote:
> On 19/09/12 06:15, Two Spirit wrote:
> > I'm interested in knowing what are some of the trade offs of using the LUKS
> > header v not using the LUKS header.Since I assume the content of the
> > encrypted data is secure, it doesn't matter if someone knows the data is
> > encrypted and has a header and the header only helps in recovery, so I'm
> > not quite seeing what would be an advantage of not using LUKS, but from the
> > email below, there seems to be some reason.
> > 
> Please check tha FAQ's

Indeed. Basically you get passphrase management
(up to 8, can be changed) and protection for
passphrases that are not so high in entropy 
(iteration, salting). You also get management for
non-default crypto parameters.

Main drawback is that if you damage the header,
everything is gine. That is also an advantage if you
want easy secure deletion though.

Details in the FAQ, mostly Sections 2, 5 and 6. 

Arno
-- 
Arno Wagner,    Dr. sc. techn., Dipl. Inform.,   Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell 


More information about the dm-crypt mailing list